containerd/patch/0084-containerd-Use-fs.RootPath-when-mounting-vo.patch

From 53c45a7abaea09e60e0175f192742c74d1be60e2 Mon Sep 17 00:00:00 2001
From: Vanient <xiadanni1@huawei.com>
Date: Thu, 31 Mar 2022 21:30:15 +0800
Subject: [PATCH] containerd:Use fs.RootPath when mounting volumes

fix CVE-2022-23648
upstream:https://github.com/containerd/containerd/commit/3406af86394c2426ce7f55d5f52be2b79f456211

Signed-off-by: Vanient <xiadanni1@huawei.com>
---
 .../containerd/cri/pkg/containerd/opts/container.go         | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go
index 7647c373c..2ea49b594 100644
--- a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go
+++ b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go
@@ -20,7 +20,6 @@ import (
 	"context"
 	"io/ioutil"
 	"os"
-	"path/filepath"
 
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/containers"
@@ -88,7 +87,10 @@ func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts {
 		}()
 
 		for host, volume := range volumeMounts {
-			src := filepath.Join(root, volume)
+			src, err := fs.RootPath(root, volume)
+			if err != nil {
+				return errors.Wrapf(err, "rootpath on root %s, volume %s", root, volume)
+			}
 			if _, err := os.Stat(src); err != nil {
 				if os.IsNotExist(err) {
 					// Skip copying directory if it does not exist.
-- 
2.27.0
containerd:Use fs.RootPath when mounting volumes 2022-05-23 10:34:51 +08:00			`From 53c45a7abaea09e60e0175f192742c74d1be60e2 Mon Sep 17 00:00:00 2001`
			`From: Vanient <xiadanni1@huawei.com>`
			`Date: Thu, 31 Mar 2022 21:30:15 +0800`
			`Subject: [PATCH] containerd:Use fs.RootPath when mounting volumes`

			`fix CVE-2022-23648`
			`upstream:https://github.com/containerd/containerd/commit/3406af86394c2426ce7f55d5f52be2b79f456211`

			`Signed-off-by: Vanient <xiadanni1@huawei.com>`
			`---`
			`.../containerd/cri/pkg/containerd/opts/container.go \| 6 ++++--`
			`1 file changed, 4 insertions(+), 2 deletions(-)`

			`diff --git a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go`
			`index 7647c373c..2ea49b594 100644`
			`--- a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go`
			`+++ b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go`
			`@@ -20,7 +20,6 @@ import (`
			`"context"`
			`"io/ioutil"`
			`"os"`
			`- "path/filepath"`

			`"github.com/containerd/containerd"`
			`"github.com/containerd/containerd/containers"`
			`@@ -88,7 +87,10 @@ func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts {`
			`}()`

			`for host, volume := range volumeMounts {`
			`- src := filepath.Join(root, volume)`
			`+ src, err := fs.RootPath(root, volume)`
			`+ if err != nil {`
			`+ return errors.Wrapf(err, "rootpath on root %s, volume %s", root, volume)`
			`+ }`
			`if _, err := os.Stat(src); err != nil {`
			`if os.IsNotExist(err) {`
			`// Skip copying directory if it does not exist.`
			`--`
			`2.27.0`